From 4ac0ff3cace7dd91c3f3d945b96932deb610d4f7 Mon Sep 17 00:00:00 2001 From: Chris McDonough Date: Wed, 16 Jul 2008 10:48:38 +0000 Subject: Add convenience has_permission function. --- repoze/bfg/sampleapp/templates/blog.pt | 2 +- repoze/bfg/sampleapp/views.py | 7 ++++++- repoze/bfg/security.py | 8 ++++++++ repoze/bfg/tests/test_security.py | 25 ++++++++++++++++++++++++- 4 files changed, 39 insertions(+), 3 deletions(-) diff --git a/repoze/bfg/sampleapp/templates/blog.pt b/repoze/bfg/sampleapp/templates/blog.pt index 8eb3945db..b428374fc 100644 --- a/repoze/bfg/sampleapp/templates/blog.pt +++ b/repoze/bfg/sampleapp/templates/blog.pt @@ -15,7 +15,7 @@ ${entry.created} -

+

Add blog entry

diff --git a/repoze/bfg/sampleapp/views.py b/repoze/bfg/sampleapp/views.py index ce591dec2..5b72c8a28 100644 --- a/repoze/bfg/sampleapp/views.py +++ b/repoze/bfg/sampleapp/views.py @@ -5,12 +5,17 @@ from webob.exc import HTTPFound from repoze.bfg.template import render_template from repoze.bfg.sampleapp.models import BlogEntry +from repoze.bfg.security import has_permission def datestring(dt): return dt.strftime('%Y-%m-%d %H:%M:%S') def blog_default_view(context, request): entrydata = [] + + can_add = False + if has_permission('add', context, request): + can_add = True for name, entry in context.items(): entrydata.append( { @@ -23,7 +28,7 @@ def blog_default_view(context, request): ) return render_template('templates/blog.pt', name=context.__name__, - entries=entrydata) + entries=entrydata, can_add=can_add) def blog_entry_default_view(context, request): info = { diff --git a/repoze/bfg/security.py b/repoze/bfg/security.py index 6f2c858e3..21a0a3f2a 100644 --- a/repoze/bfg/security.py +++ b/repoze/bfg/security.py @@ -1,4 +1,6 @@ from zope.interface import implements +from zope.component import queryUtility + from zope.location.location import LocationIterator from repoze.bfg.interfaces import ISecurityPolicy @@ -11,6 +13,12 @@ Authenticated = 'system.Authenticated' Allow = 'Allow' Deny = 'Deny' +def has_permission(permission, context, request): + policy = queryUtility(ISecurityPolicy) + if policy is None: + return True + return policy.permits(context, request, permission) + class ACLAuthorizer(object): def __init__(self, context, logger=None): diff --git a/repoze/bfg/tests/test_security.py b/repoze/bfg/tests/test_security.py index 8a4c624e9..832cc8a43 100644 --- a/repoze/bfg/tests/test_security.py +++ b/repoze/bfg/tests/test_security.py 
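Review bot: In `blog_default_view`, `can_add` only controls what the template renders, so it is a display hint and not an authorization check. The view that actually creates a blog entry is not in this hunk; presumably it needs its own 'add' permission check, otherwise a user who requests the add URL directly is not stopped by the hidden link. I would add a comment above the new lines, `# UI hint only: the add view itself must still require the 'add' permission`. The three-line flag could also be written as `can_add = bool(has_permission('add', context, request))`. The function body continues into the next hunk.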
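Review bot: `has_permission` in repoze/bfg/security.py returns True when `queryUtility(ISecurityPolicy)` finds no policy, so every check passes if the policy was never registered or its registration failed. Nothing in the function says this fail-open default is intended, and callers such as `blog_default_view` cannot tell "permitted" from "no policy configured". At minimum the function needs a docstring stating the contract, for example `"""Return whether the registered ISecurityPolicy permits ``permission`` on ``context``; returns True (fail-open) if no policy is registered."""`. Deployments that rely on enforcement should confirm at startup that a policy is registered, rather than depend on this helper.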
@@ -276,6 +276,27 @@ class RemoteUserACLSecurityPolicy(unittest.TestCase, PlacelessSetup): self.assertEqual(authorizer_factory.permission, 'view') self.assertEqual(authorizer_factory.context, context) +class TestHasPermission(unittest.TestCase): + def _getFUT(self): + from repoze.bfg.security import has_permission + return has_permission + + def _registerSecurityPolicy(self, secpol): + import zope.component + gsm = zope.component.getGlobalSiteManager() + from repoze.bfg.interfaces import ISecurityPolicy + gsm.registerUtility(secpol, ISecurityPolicy) + + def test_registered(self): + secpol = DummySecurityPolicy(False) + self._registerSecurityPolicy(secpol) + has_permission = self._getFUT() + self.assertEqual(has_permission('view', None, None), False) + + def test_not_registered(self): + has_permission = self._getFUT() + self.assertEqual(has_permission('view', None, None), True) + class TestViewPermission(unittest.TestCase): def _getTargetClass(self): @@ -352,7 +373,9 @@ class make_authorizer_factory: raise NoAuthorizationInformation() return result return Authorizer() - + + + -- cgit v1.2.3
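Review bot: `TestHasPermission._registerSecurityPolicy` registers the dummy policy on the global site manager, but the class derives only from `unittest.TestCase` and the hunk shows no setUp or tearDown, so the registration can outlive `test_registered`. `test_not_registered` then passes only if no earlier test left a policy registered, and later test classes may inherit an always-deny policy. The class above in this file already mixes in `PlacelessSetup`; the same pattern here would be `class TestHasPermission(unittest.TestCase, PlacelessSetup):` with setUp and tearDown methods that call `PlacelessSetup.setUp(self)` and `PlacelessSetup.tearDown(self)`. A one-line comment on `test_not_registered` saying that it pins the fail-open default on purpose would also help.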